Re: [v6ops] DoS attacks (ICMPv6-based) resulting from IPv6 EH drops

神明達哉 <jinmei@wide.ad.jp> Mon, 25 August 2014 17:58 UTC

In-Reply-To: <53F8475A.1090800@fud.no>
References: <53F33C4F.2070807@si6networks.com> <CAJE_bqfb+v9p-PO8-7xzuYx3rs6Lpvob-Zh8ummgUEqsy764Tg@mail.gmail.com> <53F3931F.9050601@si6networks.com> <CAJE_bqeJBBghP=qXcYUOqQwTPky0uqoog=ifu0pqGi0zycu8kw@mail.gmail.com> <53F51269.8070506@si6networks.com> <CAJE_bqfgp-dpGnPFGKqYNGQK_TszZ8656AJbnQihenks=t9d1w@mail.gmail.com> <53F590A2.2090101@si6networks.com> <CAJE_bqdrN6K3z2JzYH2ArHdrTERfSS+UYDH-YO=sPKpp0K-tDA@mail.gmail.com> <53F8475A.1090800@fud.no>
Date: Mon, 25 Aug 2014 10:57:07 -0700
Message-ID: <CAJE_bqd7kZ0JusgUJsbb9cnaj5WGj7vGpV-f6QxnUH5-VB5Eag@mail.gmail.com>
From: 神明達哉 <jinmei@wide.ad.jp>
To: Tore Anderson <tore@fud.no>
Content-Type: text/plain; charset="UTF-8"
Archived-At: http://mailarchive.ietf.org/arch/msg/v6ops/Gp_CqUD31-d_5uUqs-vpqlxqiUM
Cc: IPv6 Operations <v6ops@ietf.org>, "opsec@ietf.org" <opsec@ietf.org>
Subject: Re: [v6ops] DoS attacks (ICMPv6-based) resulting from IPv6 EH drops
List-Id: v6ops discussion list <v6ops.ietf.org>
List-Archive: <http://www.ietf.org/mail-archive/web/v6ops/>

At Sat, 23 Aug 2014 09:48:42 +0200,
Tore Anderson <tore@fud.no> wrote:

> > I assumed that stateless translation always uses the well-known
> > prefix.  Maybe I was incorrect about that?
>
> Yes, that is incorrect. Per RFC 6052 the operator can use either the
> Well-Known Prefix or a Network-Specific Prefix. There are quite a few
> reasons why one would choose the latter; for example it allows for the
> translating device to be reached across the public internet. Another
> reason is that only a single WKP exists, so if the operator wants to
> deploy both SIIT and NAT64, and/or multiple instances of either
> technology, all of his deployments (except for one) must necessarily
> use an NSP.

Okay, thanks for the correction.  In that case this approach cannot be
a complete alternative to dropping PTB<1280 unconditionally without
affecting possible existing/coming deployments.

--
JINMEI, Tatuya